feat(helm): add security context for init container

for ex istio using 1337 for init containers
2022-06-16 17:52:29 +04:00 · 2022-06-16 17:52:29 +04:00 · 14165fabed
commit 14165fabed
parent 2a5e0dc1f1
2 changed files with 15 additions and 1 deletions
--- a/helm/oncall/templates/_helpers.tpl
+++ b/helm/oncall/templates/_helpers.tpl
@ -85,6 +85,8 @@ Create the name of the service account to use
  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
  imagePullPolicy: {{ .Values.image.pullPolicy }}
  command: ['sh', '-c', "until (python manage.py migrate --check); do echo Waiting for database migrations; sleep 2; done"]
+  securityContext:
+  {{ toYaml .Values.init.securityContext| nindent 4}}
  env:
    {{- include "snippet.oncall.env" . | nindent 12 }}
    {{- include "snippet.mysql.env" . | nindent 12 }}
@ -93,4 +95,4 @@ Create the name of the service account to use
    {{- if .Values.env }}
      {{- toYaml .Values.env | nindent 12 }}
    {{- end }}
-{{- end }}
+{{- end }}
--- a/helm/oncall/values.yaml
+++ b/helm/oncall/values.yaml
@ -160,3 +160,15 @@ securityContext: {}
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
+
+init:
+  securityContext: {}
+    # allowPrivilegeEscalation: false
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # privileged: false
+    # readOnlyRootFilesystem: true
+    # runAsGroup: 1337
+    # runAsNonRoot: true
+    # runAsUser: 1337